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DETAILED ACTION 

1. Claims 1-24 are pending. 

Specification 

2. The disclosure is objected to because of the following informalities: 
On page 9, the acronym "DMS" should be replaced with "DSM". 
Appropriate correction is required. 

Claim Objections 

3. Claims 10 & 19-21 are objected to because of the following informalities: 

a. Regarding claim 10, "packet-labelling" should be replaced with "packet- 
labeling". 

b. Regarding claims 19 & 21, the claim number 19 is used for multiple claims (page 
20 of the specification). For the purposes of this Office Action, the first claim 19 (page 
20, lines 20-21) will be referred to as claim 19a and the second (page 20, lines 23-24), 
19b. Similarly, the first claim 20 (page 21, lines 1-2) will be referred to as claim 21a and 
the second (page 21, lines 4-5) will be referred to as claim 21b. Further, claim 20 is 
understood to depend from claim 19a and claim 21a is understood to depend from claim 
20. 

c. Regarding claim 20, "statistical usage collection means" should be replaced with 
"statistical usage collection". 

Appropriate correction is required. 

Claim Rejections - 35 USC § 112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 
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The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such fiill, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

5. Claims 13 & 19b are rejected under 35 U.S.C. 1 12, first paragraph, as failing to comply 
with the enablement requirement. The claim(s) contains subject matter which was not described 
in the specification in such a way as to enable one skilled in the art to which it pertains, or with 
which it is most nearly connected, to make and/or use the invention. 

d. Regarding claim 13, the specification does not disclose the authentication 
performed on the authentication message. 

e. Regarding claim 1 9b, the specification does not clearly define network resource 
management. 

6. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

7. Claims 21b-24 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

Regarding claim claim 21b, the claim recites the limitation "the authorization client" in 
Une 1. There is insufficient antecedent basis for this limitation in the claim. 

Regarding claim 22, the claim recites the limitation "the authorization client" in line 1 . 
There is insufficient antecedent basis for this limitation in the claim. 

Regarding claim 23, the claim recites the limitation "the authorization client" in line 1. 
There is insufficient antecedent basis for this limitation in the claim. 
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Regarding claim 24, the claim recites the limitation "the authorization client'* in line 1 . 
There is insufficient antecedent basis for this limitation in the claim. 

8. For the purposes of this Office Action, ''the authorization client'' is understood to mean 
''the authentication agent '\ 

Claim Rejections - 35 USC §102 

9. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1 (a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

10. Claims 15, 17 & 24, as best understood, are rejected under 35 U.S.C. 102(e) as being 
anticipated by U.S. Patent 6,212,561 to Sitaraman et al. (Sitaraman). 

Regarding claim 15, Sitaraman discloses a user network interface/service selection 
gateway (Fig. 5, #1 16) for operatively collecting to a plurality of user networks/LAN (Fig. 5, 
#1 10) to receive data units from the plurality of user networks, an authentication agent/AAA 
server (Fig. 5, #1 14), operatively connected to the user network interface for authenticating, 
authorizing and forwarding data units (col 6, lines 11-35) received from the plurality of user 
networks/LAN, an external network interface/service selection gateway (Fig. 5, #1 16), 
operatively connected to the authentication agent/AAA server (Fig. 5, #1 16), for forwarding data 
units authorized by the authentication agent/AAA server (Fig. 5, #114) to an external 
network/private domain or internet (Fig. 5, #104 & #106). 
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Regarding claim 17, Sitaraman discloses the authentication agent/AAA server including a 
local authorization table/data band of profiles for authorizing data units (col. 6, lines 36-58). 

Regarding claim 24, Sitaraman discloses a RADIUS client in the authentication 
agent/AAA (col 7, lines 28-40). 

Claim Rejections - 35 USC §103 

1 1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

12. Claim 1-4, 6 & 1 1-13, as best understood, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent 6,584,505 to Howard et al. (Howard) in view of "Remote 
Authentication Dial In User Service (RADIUS)" by Rigney et al. (Rigney). 

Regarding claim 1, Howard discloses receiving, at an access control node/authentication 
server operatively connected to a plurality of user networks/web, a data unit/access request from 
a user located on one of the plurality of user networks/web (col. 2, lines 15-32), determining that 
the data unit/access request requires authentication (col. 2, lines 33-45) and authenticating the 
determined data unit/access request (col. 2, lines 33-45). Howard lacks determining that the 
authenticated data unit is eligible for transmission. However, Rigney teaches the RADIUS 
protocol, which is used to carry out authentication (abstract) for large numbers of users (§1, HI), 
where the access request is checked for additional information such as client name and port (§2, 
TIl-4). Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to use the RADIUS protocol and hence determine that the authenticated 
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data unit is eligible for transmission. One of ordinary skill in the art would have been motivated 
to perform such a modification to carry out authentication for a large number of users, as taught 
byRigney(§l,1Il&§2, 111-4). 

Regarding claim 2, Howard, as modified above, discloses interrogating the user for 
access/login information (col. 2, lines 33-45). 

Regarding claims 3 & 6, Howard, as modified above, discloses transmitting the access 
information to an authentication server/RADIUS of an external network (Rigney, §2, 111-4). 

Regarding claims 4 & 1 1-12, Howard, as modified above, discloses transmitting an 
authentication message/Access-Accept from the authentication server/RADIUS to the access 
control node/client to permit the user to access the external network (Rigney, §2, l[l-8). 

Regarding claim 13, Howard, as modified above, discloses examining the authentication 
message for authenticity (Rigney, §3, Authenticator and Response Authenticator) 
13. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Howard in view of 
Rigney, as applied to claim 4 above, in further view of U.S. Patent 5,491,752 to Kaufman et al. 
(Kaufman). Howard, as modified above, lacks specifically encrypting the access information 
prior to transmitting it, and decrypting it at the authentication server. However, Kaufrnan 
teaches that to avoid password eavesdropping, it is known to encrypt the password/access 
information (col. 3, lines 26-40). Therefore, it would have been obvious to one having ordinary 
skill in the art at the time the invention was made to encrypt the access information and decrypt it 
at the authentication server. One of ordinary skill in the art would have been motivated to 
perform such a modification to render eavesdropping useless, as taught by Kaufman (col. 3, lines 
26-40). 
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14. Claims 7-8 are rejected under 35 U.S.C. 103(a) as being unpatentable over Howard in 
view of Rigney, as applied to claim 3 above, in further view of "PPP Authentication Protocols" 
by Lloyd et al. (Lloyd). Howard, as modified above, lacks the authentication server employing 
the PAP or CHAP protocols; however, Lloyd teaches that PAP and CHAP are both well-known 
methods of verifying the identity of a peer (pages 1-8, §2-3). Therefore, it would have been 
obvious to one having ordinary skill in the art at the time the invention was made to employ the 
password authentication protocol or the challenge handshake authentication protocol in the 
authentication server. One of ordinary skill in the art would have been motivated to perform 
such a modification to verify the identity of a peer, as taught by Lloyd (pages 1-8, §2-3). 

1 5. Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Howard in view of 
Rigney, as applied to claim 3 above, in further view of "An Access Control Protocol, Sometimes 
Called TACACS" by Finseth. Howard, as modified above, lacks using the terminal access 
controller access control system. However, Finseth teaches that TACACS is a protocol that 
allows an authentication server to receive a usemame and password to accept or deny requests 
for access (page 1, 112-3). Therefore, it would have been obvious to one having ordinary skill in 
the art at the time the invention was made to employ the TACACS protocol in the authentication 
server. One of ordinary skill in the art would have been motivated to perform such a 
modification to accept or deny requests for access on dial up lines, as taught by Finseth (page 1 , 
112-3). 

16. Claim 10, as best understood, is rejected under 35 U.S.C. 103(a) as being unpatentable 
over Howard in view of Rigney, as applied to claim 1 above, in further view of U.S. Patent 
5,546,387 to Larsson et al. (Larsson). Howard, as modified above, lacks packet- labeling the data 
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unit. However, Larsson teaches that data labeling is required in a packet network so that data 
packets can be uniquely assigned a connection and routed between nodes (col. 1, lines 16-27). 
Therefore, it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to packet-label the data unit. One of ordinary skill in the art would have 
been motivated to perform such a modification to uniquely assign the data unit a connection and 
route the data unit between nodes in a network, as taught by Larsson (col. 1 , lines 16-27). 

17. Claim 14 is rejected under 35 U.S.C. 103(a) as being unpatentable over Howard in view 
of Rigney, as applied to claim 1 above, in further view of U.S. Patent 6,377,955 to Hartmann et 
al (Hartmann). Howard, as modified above, lacks collecting statistical usage information at the 
access node. However, Hartmann teaches that when network access servers/access nodes are 
part of an ISP, accurate accounting of connection time is required so customers are billed 
correctly (col. 1, lines 34-56). Therefore, it would have been obvious to one having ordinary 
skill in the art at the time the invention was made to collect statistical usage information at the 
access node. One of ordinary skill in the art would have been motivated to perform such a 
modification to ensure accurate accounting of connection time so customers are billed correctly, 
as taught by Hartmann (col. 1, lines 34-56). 

18. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sitaraman, as 
applied to claim 15 above, in further view of U.S. Patent 5,903,564 to Ganmukhi et al. 
(Ganmukhi). Sitaraman lacks the user network interface including a plurality of ingress cards 
and the extemal network interface including an egress card. However, Ganmukhi teaches that 
ATM switches (devices for receiving and sending packets) typically include ingress cards and 
egress cards to support multiple connections in transmitting data (col. 1, lines 13-29). Therefore, 
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it would have been obvious to one having ordinary skill in the art at the time the invention was 
made to include a plurality of ingress cards and an egress card. One of ordinary skill in the art 
would have been motivated to perform such a modification to support the transmission of 
packets from multiple connections, as taught by Ganmukhi (col. 1, lines 13-29). 

19. Claim 18 is rejected under 35 U.S.C. 103(a) as being unpatentable over Sitaraman, as 
applied to claim 15 above, in further view of U.S. Patent 6,31 1,275 to Jin et al. (Jin). Sitaraman 
lacks the authentication agent including network address assignment and release means. 
However, Jin teaches that in order for a network to communicate with the user, and IP address 
must be assigned, which can be done by the AAA server (col. 2, lines 34-44). Therefore, it 
would have been obvious to one having ordinary skill in the art at the time the invention was 
made to include, in the authentication agent/AAA server, means to assign and release IP 
addresses. One of ordinary skill in the art would have been motivated to perform such a 
modification to allow the network to communicate with the user, as taught by Jin (col. 2, lines 
34-44). 

20. Claims 19a & 19b, as best understood, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sitaraman, as appUed to claim 15 above, in further view of U.S. Patent 
6,466,977 to Sitaraman et al, (Sitaraman '977). 

Regarding claim 19a, Sitaraman lacks service level enforcing means. However, the '977 
reference teaches that it is desirable to load balance among instances of AAA services and to 
route a user to a sub-service provider based on service level agreements (SLA) (col. 3, lines 14- 
41). Therefore, it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to further include service level enforcing means. Therefore, it would have 



Application/Control Number: 09/755,037 Page 10 

Art Unit: 2134 

been obvious to one having ordinary skill in the art at the time the invention was made to load 
balance among instances of AAA services and to route users to sub-service providers based on 
SLAs, as taught by Sitaraman '977 (coi. 3, lines 14-41). 

Regarding claim 19b, Sitaraman lacks network resource management means. However, 
the '977 reference teaches that it is desirable to decide the AAA service/resource to use based on 
parameters such as quality of service, available bandwidth, etc. (col. 3, lines 14-41). Therefore, 
it would have been obvious to one having ordinary skill in the art at the time the invention was 
made to include network resource management means. One of ordinary skill in the art would 
have been motivated to perform such a modification because it is desirable to do so, as taught by 
Sitaraman '977 (col. 3, lines 14-41). 

21 . Claim 20, as best understood, is rejected under 35 U.S.C. 103(a) as being unpatentable 
over Sitaraman in view of Sitaraman '977, as apphed to claim 19a above, in further view of 
Hartmann. Sitaraman, as modified above, lacks collecting statistical usage information at the 
access node. However, Hartmann teaches that when network access servers/access nodes are 
part of an ISP, accurate accounting of connection time is required so customers are billed 
correctly (col. 1, lines 34-56). Therefore, it would have been obvious to one having ordinary 
skill in the art at the time the invention was made to include means for statistical usage 
collection. One of ordinary skill in the art would have been motivated to perform such a 
modification to ensure accurate accounting of connection time so customers are billed correctly, 
as taught by Hartmann (col. 1, lines 34-56). 

22. Claim 21a, as best understood, is rejected under 35 U.S.C. 103(a) as being unpatentable 
over Sitaraman in view of Sitaraman '977 and Hartmann, in further view of U.S. Patent 
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6,510,454 to Walukiewicz. Sitaraman, as modified above, lacks alarm-monitoring means. 
However, Walukiewicz teaches that network alarm monitoring is needed to quickly correct the 
problem via a technician or an automated algorithm (col 1, lines 19-33). Therefore, it would 
have been obvious to one having ordinary skill in the art at the time the invention was made to 
include alarm-monitoring means. One of ordinary skill in the art would have been motivated to 
perform such a modification to correct problems via a technician or an automated algorithm, as 
taught by Walukiewicz (col. 1, lines 19-33). 

23. Claims 21b-22, as best understood, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sitaraman, as applied to claim 1 5 above, in further view of "PPP 
Authentication Protocols" by Lloyd et al. (Lloyd). Sitaraman lacks the authentication agent 
including a PAP client or CHAP client; however, Lloyd teaches that PAP and CHAP are both 
well-known methods of verifying the identity of a peer (pages 1-8, §2-3). Therefore, it would 
have been obvious to one having ordinary skill in the art at the time the invention was made to 
include a password authentication protocol or the challenge handshake authentication protocol 
client in the authentication agent. One of ordinary skill in the art would have been motivated to 
perform such a modification to verify the identity of a peer, as taught by Lloyd (pages 1-8, §2-3). 

24. Claim 23, as best understood, is rejected under 35 U.S.C. 103(a) as being unpatentable 
over Sitaraman, as applied to claim 15 above, in further view of "An Access Control Protocol, 
Sometimes Called TACACS" by Finseth. Howard, as modified above, lacks the authentication 
agent including a terminal access controller access control system client. However, Finseth 
teaches that TACACS is a protocol that allows an authentication server to receive a usemame 
and password to accept or deny requests for access (page 1, 112-3). Therefore, it would have been 
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obvious to one having ordinary skill in the art at the time the invention was made to include a 
TACACS client in the authentication agent. One of ordinary skill in the art would have been 
motivated to perform such a modification to accept or deny requests for access on dial up hnes, 
as taught by Finseth (page 1, 1|2-3). 

Conclusion 

25. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael J. Simitoski whose telephone number is (703)305-8 191 . 
The examiner can normally be reached on Monday - Thursday, 6:45 a.m. - 4: 15 p.m.. The 
examiner can also be reached on alternate Fridays from 6:45 a.m. -3:15 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (703)308-4789. 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
Washington, DC 20231 
Or faxed to: 

(703)746-7239 (for formal communications intended for entry) 

Or: 

(703)746-7240 (for informal or draft communications, please label "PROPOSED" 
or "DRAFT") 

Hand-delivered responses should be brought to Crystal Park II, 2121 Crystal Drive, 
Arlington, VA 22202, Fourth Floor (Receptionist). 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (703) 305-9000. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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